SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data Analysis

SBE：小型：协作：金融机构内部威胁行为建模：大规模数据分析

• 批准号: 1419856
• 负责人: Raghav Rao
• 金额: $ 34.23万
• 依托单位: SUNY at Buffalo
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-15 至 2017-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1419856&HistoricalAwards=false
• 关键词: SBE; Small; Collaborative; Modeling; Insider

Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats. Despite the availability of abundant anecdotal information regarding insider threats, research relying on field data to advance understanding of such threats is still lacking. This proposal presents a theoretically driven approach to investigate the risk of insider threat within financial institutions. It will utilize large scale field data from two financial institutions to provide comparison and improve the generalizability of results.Intellectual Merit: The proposed research will use criminology theories and extend them to the domain of insider threat. It will use both objective log data from the enterprise single sign-on (eSSO) systems and subjective data through surveys and focus groups to understand perceptual characteristics of applications as well as perceptions of employees regarding attractiveness of targets. Thus, this research will be among the first that takes both the technical and human aspects into consideration in investigating victimization risk and attack proneness associated with information assets within financial institutions. In essence, the proposed study will utilize multi methods and multi-source data to establish how information resources can be better protected from misuse and abuse of access privileges. The study will initiate a new perspective for analyzing existing behavioral log data to improve the practice of risk management, which may have a transformative impact in terms of mitigating risks from different user groups and informing interventions to deal with the insider threat problem. Broader Impact: This multi-disciplinary collaborative project will deepen understanding of insider threat behavior in the context of financial institutions. A PhD student will be funded at each university and the research will result in a few Masters' independent studies in this area as well. The findings of this proposal will be disseminated among the law enforcement task forces, as well as banking organizations. The channels to be employed include workshops with the local InfraGuard program in collaboration with the regional FBI office. The outcomes of the proposal will not only provide an applied understanding of insider threat, but also important implications for risk management applications. It is important to note that the President's Critical Infrastructure Protection Board identified the banking and finance sector as one of the critical infrastructures to be secured. This proposal will help in this regard by having an impact on public policy with respect to regulations for financial institutions. The potential reduction in financial crime as a result would have significant societal benefits.

内部人员对组织构成重大威胁，无论他们是故意还是无意采取行动。由于内部人员通常拥有更高的权限，并且拥有关于内部系统和数据的技能、知识、资源、访问权限和动机，因此他们可以轻松规避安全对策，窃取有价值的数据并造成损害。防火墙、入侵检测系统和反病毒软件等周边和基于主机的对策在预防和检测内部威胁方面无效。尽管有大量关于内部威胁的轶事信息可用，但依靠现场数据来促进对此类威胁的理解的研究仍然缺乏。这项提议提出了一种理论驱动的方法来调查金融机构内部的内部威胁风险。它将利用来自两家金融机构的大规模现场数据来提供比较并提高结果的普适性。智力优势：拟议的研究将使用犯罪学理论并将其扩展到内部威胁领域。它将使用来自企业单点登录(ESSO)系统的客观日志数据和通过调查和焦点小组的主观数据来了解应用程序的感知特征以及员工对目标吸引力的看法。因此，这项研究将是第一个在调查金融机构内与信息资产相关的受害风险和攻击倾向时同时考虑技术和人为因素的研究之一。实质上，拟议的研究将利用多种方法和多源数据来确定如何更好地保护信息资源，使其不被滥用和滥用访问权限。这项研究将开启一个分析现有行为日志数据的新视角，以改进风险管理实践，这可能在缓解来自不同用户群体的风险和为应对内部威胁问题的干预提供信息方面产生变革性影响。更广泛的影响：这个多学科协作项目将加深对金融机构背景下的内部威胁行为的理解。每所大学将资助一名博士生，这项研究也将导致几名硕士在这一领域的独立学习。这项建议的结果将在执法特别工作组以及银行组织中传播。将采用的渠道包括与地区联邦调查局办公室合作举办的与当地红外警卫队计划的讲习班。该提案的结果不仅将提供对内部威胁的应用理解，还将对风险管理应用程序产生重要影响。必须指出的是，总统的关键基础设施保护委员会将银行和金融部门确定为需要保护的关键基础设施之一。这项提案将对金融机构条例方面的公共政策产生影响，从而有助于这方面的工作。因此，金融犯罪的潜在减少将产生巨大的社会效益。